Meet the 19 startups in AngelPad’s 12th batch

AngelPad just wrapped the 12th run of its months-long New York City startup accelerator. For the second time, the program didn’t culminate in a demo day; rather, the 19 participating startups were given pre-arranged one-on-one meetings with venture capital investors late last week.

AngelPad co-founders Thomas Korte and Carine Magescas did away with the demo day tradition last year after nearly a decade operating AngelPad, which is responsible for mentoring startups including Postmates, Twitter-acquired Mopub, Pipedrive, Periscope Data, Zum and DroneDeploy.

“Demo days are great ways for accelerators to expose a large number of companies to a lot of investors, but we don’t think it is the most productive way,” Korte told TechCrunch last year. Competing accelerator Y Combinator has purportedly considered their eliminating demo day as well, though sources close to YC deny this. The firm cut its investor day, a similar opportunity for investors to schedule meetings with individual startups, “after analyzing its effectiveness” last year.

Feedback to AngelPad’s choice to forego demo day has been positive, Korte tells TechCrunch, with startup CEOs breathing a sigh of relief they aren’t forced to pitch to a large crowd with no promise of investment.

AngelPad invests $120,000 in each of its companies. Here’s a closer look at its latest batch:

LotSpot is a parking management tool for universities, parks and malls. The company installs cameras at the entrances and exits of customer parking lots and autonomously tracks lot occupancy as cars enter and exit. The LotSpot founders are Stanford University Innovation Fellows with backgrounds in engineering and sales.

Twic is a discretionary benefits management platform that helps businesses offer wellness benefits at a lower cost. The tool assists human resources professionals in selecting vendors, monitoring benefits usage and managing reimbursements with a digital wallet. Twic customers include Twitch and Oscar. The company’s current ARR is $265,000.

Zeal is an enterprise contract automation platform that helps sales teams manage custom routine agreements, like NDAs, independently and efficiently. The startup is currently working on test implementations with Amazon, Citi and Cvent. The founders are attorneys and management consultants who previously led sales and legal strategy at AXIOM.

ChargingLedger works with energy grid operators to optimize electric grid usage with smart charging technology for electric vehicles. The company’s paid pilot program is launching this month.

Piio, focused on SEO, helps companies boost their web presence with technology that optimizes website speed and performance based on user behavior, location, device, platform and connection speed. Currently, Piio is working with JomaShop and e-commerce retailers. Its ARR is $90,000.

Duality.ai is a QA platform for autonomous vehicles. It leverages human testers and simulation environments to accelerate time-to-market for AV sidewalk, cars and trucks. Its founders include engineers and designers from Caterpillar, Pixar and Apple. Its two first beta customers generated an ARR of $100,000.

COMUNITYmade partners with local manufacturers to sell their own brand of premium sneakers made in Los Angeles. The company has attracted brands, including Adidas, for collaborations. The founders are alums of Asics and Toms.

Spacey is a millennial-focused art-buying platform. The company sells limited-edition collections of fine-art prints at affordable prices and offers offline membership experiences, as well as a program for brand ambassadors with large social followings.

LegalPassage saves lawyers time with business process automation software for law firms. The company focuses on litigation, specifically class action and personal injury. The founder is a litigation attorney, former adjunct professor of law at UC Hastings and a past chair of the Family Law Section of the Bar Association of San Francisco.

Revetize helps local businesses boost revenue by managing reputation, encouraging referrals and increasing repeat business. The startup, headquartered in Utah, has an ARR of $220,000.

House of gigs helps people find short-term work near them, offering “employee-like” services and benefits to those freelancers and gig workers. The startup has 90,000 members. The San Francisco and Berlin-based founders previously worked together at a VC-backed HR startup.

MetaRouter provides fast, flexible and secure data routing. The cloud-based on-prem platform has reached an ARR of $250,000, with customers like HomeDepot and Sephora already signed on.

RamenHero offers a meal kit service for authentic gourmet ramen

RamenHero offers a meal kit for authentic gourmet ramen. The startup launched in 2018 and has roughly 1,700 customers and $125,000 in revenue. The startup’s founder, a serial entrepreneur, graduated from a culinary ramen school in Japan.

ByteRyde is insurance for autonomous vehicles, specifically Tesla Model 3s, taking into account the safety feature of self-driving cars.

Foresite.ai provides commercial real estate investors a real-time platform for data analysis and visualization of location-based trends.

PieSlice is a blockchain-based equity issuance and management platform that helps create fully compliant digital tokens that represent equity in a company. The founder is a former trader and stockbroker turned professional poker player.

Aitivity is a security hardware company that is developing a scalable blockchain algorithm for enterprises, specifically for IoT usage.

SmartAlto, a SaaS platform with $190,000 ARR, nurtures real estate leads. The company pairs agents with digital assistants to help the agents show more homes.

FunnelFox works with sales teams to help them spend less time on customer research, pipeline management and reporting. The AI-enabled platform has reached an ARR of $75,000 with customers including Botify and Paddle.

A look at all the companies participating in 500 Startups’ 24th accelerator program

from Apple – TechCrunch https://ift.tt/2CtAltR

Apple Music comes to Fire TV

Apple Music is launching on Amazon Fire TV in the U.S. today, after rolling out in December to Amazon’s Echo line of smart speakers. The news is notable as it’s yet another example of the eased tensions between the two rivals following Apple CEO Tim Cook’s 2017 announcement of Apple’s agreement with Amazon. Their deal allowed Amazon’s Prime Video app to launch on Apple TV and saw the return of Apple products on Amazon.com.

Since then, the companies have made several moves to honor their deal.

Last year, for example, Amazon expanded its assortment of Apple inventory to include other devices besides Apple TV — like iPads, iPhones, Apple Watch and Beats headphones. It also brought its FreeTime Unlimited app to iOS. And most recently, Apple Music arrived on Echo.

Now it’s coming to Amazon Fire TV, too.

The launch will allow Apple Music subscribers the ability to access the streaming service’s catalog of 50 million songs just by asking Alexa. Users can request songs, artists, playlists and albums by saying things like “Alexa, play today’s hits on Apple Music,” or “Alexa, play music by [artist’s name] on Apple Music,” for example.

On Fire TV Cube, Apple Music can also be streamed within multi-room music groups.

To use Apple Music on Fire TV, you’ll have to enable the Apple Music skill and link your account. (Those who had already done so in order to listen on their Echo device won’t need to do this again.)

Amazon isn’t the only company benefiting from Apple’s decision to shift more of its company’s focus to subscription services — like its streaming music offering and, soon, its streaming video service.

Apple also recently announced a partnership with Samsung to bring iTunes content to Samsung Smart TVs through a dedicated app and related deals with TV makers like Vizio and LG to support AirPlay. It’s said to be working on a similar deal to get AirPlay supported on Roku.

Apple Music is available to U.S. Fire TV owners starting today.

Amazon says Apple Music support will roll out to both Fire TV and Echo users in the U.K. in the weeks ahead.

from Apple – TechCrunch https://ift.tt/2TJOkWc

New Android adware found in 200 apps on Google Play

Security researchers have found a new kind of mobile adware hidden in hundreds of Android apps, and downloaded more than 150 million times from Google Play.

The malware masquerading as an ad-serving platform, dubbed SimBad by researchers at security firm Check Point, infected more than 200 apps which, likely unbeknownst to the app developer, would open a backdoor to install additional malware as a way to outsmart Google’s app store scanning. Once installed, the downloaded malware also removes the app icon and persists in the background, loading each time the device boots up.

Once the malware retrieves its instructions from the command and control server, the malware runs through lists of web addresses in the background, serving ads to generate fraudulent revenue.

Check Point provided a list of the apps, which Google pulled from Google Play following a disclosure by the security researchers. The list can be found here. Google’s removal from the app store does not delete the app from users’ devices.

The top ten downloaded games amount to 55 million downloads alone:

• Snow Heavy Excavator Simulator (10,000,000 downloads)
• Hoverboard Racing (5,000,000 downloads)
• Real Tractor Farming Simulator (5,000,000 downloads)
• Ambulance Rescue Driving (5,000,000 downloads)
• Heavy Mountain Bus Simulator 2018 (5,000,000 downloads)
• Fire Truck Emergency Driver (5,000,000 downloads)
• Farming Tractor Real Harvest Simulator (5,000,000 downloads)
• Car Parking Challenge (5,000,000 downloads)
• Speed Boat Jet Ski Racing (5,000,000 downloads)
• Water Surfing Car Stunt (5,000,000 downloads)

Some of the games, mostly simulation games — hence the malware’s name — date back on Google Play to March 2017, said Aviran Hazum, mobile threat intelligence team leader at Check Point, in an email to TechCrunch.

Hazum said the malware might be an adware for now, but has the potential to evolve into a larger threat.

A Google spokesperson, when reached, did not respond provide comment. The search giant typically doesn’t discuss app removals, largely because it’s an issue that keeps occurring. It’s far from the first time Google was forced to remove apps from its supposedly vetted app store. But time and again, the company had to react to dozens of bad apps that slip through its scanning efforts.

Google’s official figures put the number of apps it removed las year at about 700,000.

Google starts pulling unvetted Android apps that access call logs and SMS messages

from Android – TechCrunch https://ift.tt/2TII6FY
via IFTTT

Apple’s streaming service could feature content from partners

A report from Bloomberg shares some of the details about the long-rumored video streaming service from Apple. The company should unveil this service at a press conference in Cupertino on March 25.

While Apple has been working on a ton of original content for its new streaming service, Bloomberg says that most of them won’t be ready for the launch later this month. Apple will probably share some teasers on stage, but the launch lineup will mostly feature third-party content.

Apple is probably talking with everyone, but many premium cable channels still have to make up their mind about Apple’s streaming service. HBO, Showtime and Starz have to decide whether they want to be part of the launch by Friday.

It’s unclear if Apple is going to feature some or all content from those partners. Many of them already have a streaming service on their own. And you can already access their libraries from the TV app on your Apple TV or iOS device.

Apple could streamline the experience by letting you subscribe to various content bundles in its own streaming service. Amazon already provides something similar with Amazon Prime Video Channels. Netflix and Hulu will likely remain independent services as they compete directly with Apple’s original content effort.

When it comes to Apple’s other announcement, the company should also unveil its Apple News subscription on March 25. Apple acquired Texture last year and has been working on a digital magazine subscription for a while.

Unsurprisingly, it looks like Apple News' magazine service is prepared to launch on macOS too pic.twitter.com/df0oyJXvjF

— Steve Troughton-Smith (@stroughtonsmith) March 12, 2019

Once again, details are still thin for this new service when it comes to pricing, availability outside of the U.S. and content.

Last month, the WSJ reported that Apple has been working with Goldman Sachs on a credit card that would integrate deeply with the Apple Wallet app. Given that Apple’s event is about services, let’s see if the company talks about this new product as well.

from Apple – TechCrunch https://ift.tt/2UyHa4h

Taika Waititi will write and direct ‘Time Bandits’ series for Apple

Taika Waititi, the comedic filmmaker best known for directing “Thor: Ragnarok,” has signed on to co-write and direct the pilot of a “Time Bandits” series currently in development for Apple.

The series is being co-produced by Anonymous Content, Paramount Television and Media Rights Capital. Deadline broke the news of Waititi’s involvement.

The “Time Bandits” series was first announced last year. It’s based on the cult classic Terry Gilliam film of the same name, which follows a young boy who tags along with a group of dwarfs as they jump through space and time, hoping to get rich and encountering a long list of famous semi-historical figures (Sean Connery as Agamemnon! John Cleese as Robin Hood!) in the process

This is one of a number of projects that Waititi has coming out this year — he’s also an executive producer on the FX adaptation of “What We Do in the Shadows” (the vampire comedy he wrote, directed and starred in with Jemaine Clement), a director on “The Mandalorian” (the live-action Star Wars series for Disney+) and his next film “Jojo Rabbit” is due for release this fall.

And while we’ve been reporting for more than a year on all the movies and shows Apple has been commissioning, we may finally, finally get the first official details on the company’s streaming plans at an event on March 25.

Apple sends out invites for March 25 ‘special event’

from Apple – TechCrunch https://ift.tt/2UvIzIF

Apple sends out invites for March 25 ‘special event’

Apple sent out invites to reporters this afternoon for a March 25 special event at the Steve Jobs Theater in Cupertino.

Reports have suggested that the company will focus its keynote on the content side of its business. The invite offers some key hints that the video content service will be on full display at the invite, mainly a film reel countdown timer that eventually reveals the phrase “It’s show time.”

Here's a gif of the animation pic.twitter.com/YD3QZLi9Kf

— Matthew Panzarino (@panzer) March 11, 2019

Apple has been seeding a ton of TV shows and delivering plenty of announcements about the content that it has in the pipeline, but we’ve strangely heard quite little about the underlying platform or subscription that Apple has planned beyond media reports.

 

 

from Apple – TechCrunch https://ift.tt/2J9ctkL

Dozens of companies leaked sensitive data thanks to misconfigured Box accounts

Security researchers have found dozens of companies inadvertently leaking sensitive corporate and customer data because staff are sharing public links to files in their Box enterprise storage accounts that can be easily discovered.

The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left data inadvertently exposed. Although data stored in Box enterprise accounts is private by default, users can share files and folders with anyone, making data publicly accessible with a single link. But Adversis said these secret links can be discovered by others. Using a script to scan for and enumerate Box accounts with lists of company names and wildcard searches, Adversis found over 90 companies with publicly accessible folders.

Not even Box’s own staff were immune from leaking data.

The company said while much of the data is legitimately public and Box advises users how to minimize risks, many employees may not know the sensitive data they share can be found by others.

Worse, some public folders scraped and indexed by search engines, making the data found more easily.

In a blog post, Adversis said Box administrators should reconfigure the default access for shared links to “people in your company” to reduce accidental exposure of data to the public.

Adversis said it found passport photos, bank account and Social Security numbers, passwords, employee lists, financial data like invoices and receipts, and customer data were among the data found. The company contacted Box to warn of the larger exposures of sensitive data, but noted that there was little overall improvement six months after its initial disclosure.

“There is simply too much out there and not enough time to resolve each individually,” he said.

Adversis provided TechCrunch with a list of known exposed Box accounts. We contacted several of the big companies named, as well as those known to have highly sensitive data, including:

• Amadeus, the flight reservation system maker, which left a folder full of documents and application files associated with Singapore Airlines. Earlier this year, researcher found flaws that made it easy change reservations booked with Amadeus.

• Apple had several folders exposed, containing what appeared to be non-sensitive internal data, such as logs and regional price lists.

• Television network Discovery had more than a dozen folders listed, including database dumps of millions of customers names and email addresses. The folders also contained some demographic information and developer project files, including casting contracts and notes and tax documents.

• Edelman, the global public relations firm, had an entire project proposal for working with the New York City mass transit division, including detailed proposal plans and more than a dozen resumes of potential staff for the project — including their names, email addresses, and phone numbers.

• Nutrition giant Herbalife left several folders exposed containing files and spreadsheets on about 100,000 customers, including their names, email addresses and phone numbers.

• Opportunity International, a non-profit aimed at ending global poverty, exposed a list of donor names, addresses and amount given exposed in a massive spreadsheet.

• Schneider Electric left dozens of customer orders accessible to anyone, including sludge works and pump stations for several towns and cities. Each folder had an installation “sequence of operation” document, which included both default passwords and in some cases “backdoor” access passwords in case of forgotten passwords

• Pointcare, a medical insurance coverage management software company, had thousands of patient names and insurance information exposed. Some of the data included the last four-digits of Social Security numbers.

• United Tissue Network, a whole-body donation non-profit, exposed a body donor information and personal information of donors in a vast spreadsheet, including the prices of body parts.

Box, which initially had no comment when we reached out, had several folders exposed. The company exposed signed non-disclosure agreements on their clients, including several U.S. schools, as well as performance metrics of its own staff, the researchers said.

Box spokesperson Denis Roy said in a statement: “We take our customers’ security seriously and we provide controls that allow our customers to choose the right level of security based on the sensitivity of the content they are sharing. In some cases, users may want to share files or folders broadly and will set the permissions for a custom or shared link to public or ‘open’. We are taking steps to make these settings more clear, better help users understand how their files or folders can be shared, and reduce the potential for content to be shared unintentionally, including both improving admin policies and introducing additional controls for shared links.”

The cloud giant said it plans to reduce the unintended discovery of public files and folders.

Amadeus, Apple, Box, Discovery, Herbalife, Edelman and Pointcare all reconfigured their enterprise accounts to prevent access to their leaking files after TechCrunch reached out.

Amadeus spokesperson Alba Redondo said the company decommissioned Box in October and blamed the exposure on an account that was “misconfigured in public mode” which has now been corrected and external access to it is now closed. “We continue to investigate this issue and confirm there has been no unauthorized access of our system,” said the spokesperson, without explanation. “There is no evidence that confidential information or any information containing personal data was impacted by this issue,” the spokesperson added. We’ve asked Amadeus how it concluded there was no improper access, and will update when we hear back.

Pointcare chief executive Everett Lebherz confirmed its leaking files had been “removed and Box settings adjusted.” Edelman’s global marketing chief Michael Bush said the company was “looking into this matter.”

Herbalife spokesperson Jennifer Butler said the company was “looking into it,” but we did not hear back after several follow-ups. (Butler declared her email “off the record,” which requires both parties agree to the terms in advance, but are printing the reply as we were given no opportunity to reject the terms.)

When reached, an Apple spokesperson did not comment by the time of publication.

Discovery, Opportunity International, Schneider Electric, and United Tissue Network did not return a request for comment.

Data “dumpster diving” is not a new hobby for the skilled, but it’s a necessary sub-industry to fix an emerging category of data breaches: leaking, public, and exposed data that shouldn’t be. It’s a growing space that we predicted would grow as more security researchers look to find and report data leaks.

This year alone, we’ve reported data leaks at Dow Jones, Rubrik, NASA, AIESEC, Uber, the State Bank of India, two massive batches of Indian Aadhaar numbers, a huge leak of mortgage and loan data, and several Chinese government surveillance systems.

Adversis has open-sourced and published its scanning tool.

Here’s what to expect in cybersecurity in 2019

from Apple – TechCrunch https://ift.tt/2UtsqDy